Towards Performance Evaluation of Mobile Ad Hoc Network ... - cs.vu.nl

Towards Performance Evaluation of Mobile Ad Hoc Network Protocols Fatemeh Ghassemi Sharif University of Technology, Tehran [email protected]

Ali Movaghar Sharif University of Technology, Tehran [email protected]

Abstract—We present a formal framework to evaluate stochastic properties of MANET protocols. It captures the interplay between stochastic behavior of protocols deployed at different network layers, and the underlying dynamic topology. The link connectivity model, which implicitly models node mobility, specifies link up and down lifetimes. We use so-called constrained labeled multi-transition systems (CLMSs) to specify MANETs; transitions are annotated by network restrictions, capturing the topologies in which a transition is possible. A continuous Markov chain can be generated from a CLMS, to evaluate the performance of the corresponding MANET.

I. I NTRODUCTION In mobile ad hoc networks (MANETs), nodes communicate with each other using wireless transceivers (possibly along multihop paths) without the need for a fixed infrastructure. Since wireless communication is unreliable, MANET protocols should be able to tolerate faults that may arise due to unreliable communication. Performance evaluation of MANET protocols depends on physical characteristic of nodes, the underlying topology and its dynamism, and the protocol behavior itself and its collaboration with other protocols at different network layers. The physical characteristics of nodes and their underlying topology define whether two nodes can communicate effectively. For MANET protocols above the data-link layer, one of the most important factors that affect their performance are data-link layer protocols. MANET protocols are usually evaluated by means of simulation: a network of nodes is modeled and then run for a set of scenarios in a specific simulation environment. In each scenario, the set of events generated by the nodes are specified. The simulation environment may take into account the physical area in which nodes are located, the time duration of simulation, the physical characteristics of nodes, and a node mobility model, which defines the speed and direction of a node’s movement over time. Formal methods offer an interesting alternative to model such networks, and evaluate them using (semi-)automated tools. In this paper we aim at providing a framework to evaluate the performance of MANET protocols above the datalink layer regarding physical characteristic of nodes, the underlying topology, node mobility, and data-link protocols. Key parameters are the data-link layer response time, its message queue capacity, the probability that a node receives

Wan Fokkink Vrije Universiteit, Amsterdam [email protected]

a message (Prcv ), and a mobility model. A mobility model is captured by the link connectivity model which is characterized by means of link up or down lifetimes. By this framework we can evaluate responsiveness of a MANET protocol deployed on a specific data-link layer in a dynamic network and measure how quickly a MANET protocol reaches its goals (like information dissemination) and how these parameters effect on its performance. We provide socalled constrained labeled multi-transition systems (CLMSs) to specify MANETs; transitions are annotated by network restrictions, capturing the topologies in which a transition is possible. The rates of transitions are adjusted regarding physical layer issues, data-link layer and mobility of nodes. A continuous Markov chain can be generated from a CLMS, to evaluate the performance of the corresponding MANET using e.g. a probabilistic model checker. We apply this approach to a protocol that uses flooding to determine the maximum identifier in a MANET. II. C ONCEPTS FOR M ODELING MANET S The main modeling concepts of MANETs are wireless communication and the dynamism of the underlying topology. Nodes are equipped with wireless transceivers, by which they send and receive information. For each (sender) node, a transmission range is considered, which is an area in which the strength of emitted signals (of data) from the node is strong enough to be sensed by other nodes. The transmission range is not the same for different nodes, and depends on the power used to emit the signal. A. Wireless Communication MANETs have a modular (or layered) design. A layer is a collection of conceptually similar functions that provides services to the layer above it and receives services from the layer below it. The Open System Interconnection (OSI) Reference Model is an abstract description for layered communication and computer network protocols. In its most basic form, it divides network protocols into seven layers which, from top to bottom, are the application, presentation, session, transport, network, data-link, and physical layers. Protocols at the physical layer primarily concern the interaction of a single device with a medium, while protocols at the datalink layer concern interactions of multiple devices with a shared medium. The Media Access Control sub-layer (MAC)

manages the access of several network nodes to a shared transmission medium and resolves their contention. In this paper we focus on performance evaluation of protocols above the data-link layer. Thus our formal framework should embed the services of lower layers (data-link and physical layers) in its syntax and semantics, as well as wireless communication provided by the data-link layer. In a MANET, when a node broadcasts, all nodes located in its transmission range are potential receivers. This local broadcast is non-blocking and lossy, which means the sender delivers its message to its data-link layer irrespective of who is going to receive, and a receiver may lose the message due to signal interference. If two nodes with a common node in their transmission range broadcast simultaneously, the emitted signals may interfere at the receiver. MAC sublayer protocols, at each node, are responsible to prevent such interferences in MANETs. However, interferences can not be avoided completely; for instance, IEEE 802.11 exploits a schema to reduce interferences, but does not offer any recovery on broadcast frames. Generally there are two types of local broadcast implemented in the data-link layer, namely unreliable and reliable (including unicast communication). In unreliable local broadcast, each message broadcasts once, while in reliable local broadcast, each message is transmitted several times. The duration of an unreliable broadcast is equal to the duration a node needs to wait to obtain the medium, and this duration (called average service time Ts ) can be abstracted by the average response time TMac . The average response time is the average time a message spends in a data-link layer queue, either waiting (Td ) to be transmitted or being transmitted (Ts ). For instance, the average response and service time for unreliable broadcast in the IEEE 802.11 MAC protocol is modeled in [1]. Let Loc denote a finite set of addresses, ranged over by ℓ, which represent hardware addresses of nodes. Since transmission is lossy, a node ℓ will receive the data with some probability Prcv ℓ . In [2], this probability is computed by taking the distance, signal strength and interference of other nodes into account. Thus this parameter provides an abstraction from the effects of physical characteristics of nodes and their interferences. To provide a suitable modeling framework for the evaluation of protocols above the data-link layer while the functionalities of the MAC sub-layer are embedded, we consider unreliable local broadcast in our framework, and we abstract away from collisions and only consider successful receive actions. Therefore we can interleave concurrent local broadcasts regarding successful receives. We model the datalink layer as a queue with a bounded capacity, and an average response time TMac . Hence when a node broadcasts, if the data-link layer queue is not full, it gets the message and on average transmits it after TMac time units. If a node is located in the communication range of the sender, it will receive the data with probability Prcv .

A, B, C denote concrete addresses. We say that a node B is connected to a node A, if A is located within the transmission range of B. It is said that A is in the vicinity of B. For instance, in Fig. 1, nodes A and C are located in the transmission range of B. Hence they can receive data from B. This connectivity relation between nodes, which is not necessarily symmetric, introduces a topology concept. A topology is a function γ : Loc → IP Loc, where γ(ℓ) denotes the set of nodes that ℓ is connected to. This function models unidirectional connectivity between nodes. For instance in Fig. 1, the underlying topology is γ(A) = ∅, γ(B) = {A, C}, γ(C) = {B}.

C B

A

Figure 1. The transmission range of each node is indicated by a circle: nodes B and C are connected to each other, while B is connected to A.

B. Mobility Since nodes in MANETs are mobile, the underlying topology changes. There are two approaches to modeling topology changes. One models the underlying topology explicitly as a part of the semantics; then mobility is modeled by internal transitions to states with a different network topology. In the other approach, mobility is modeled implicity; each state is representative of all possible topologies (under a mobility model) a network can meet, and a network can be at any of these topologies. We model mobility implicitly in the semantics following the approach given in [3], [4]. In this approach each state is representative of all possible topologies (under a mobility model) and each transition is subscripted by a set of topologies for which such behavior can be observed. This approach results in a compact labeled transition system and releases us from encoding the underlying topology as part of the state. We introduced network restrictions in [4] to formally specify the set of possible topologies after a synchronization. We assume a binary relation on Loc×Loc, which imposes connectivity relations between addresses. A relation B A denotes that a node with address B is connected to a node with address A, meaning that A can receive data from B. A network restriction is a set of relations ℓ ℓ′ . We write B A, C for {B A, B C}. The empty network restriction {} denotes all possible topologies. Let C(ℓ) denotes the set of nodes that ℓ is connected to. Each network restriction C represents a set of topologies that satisfy the relations in C, i.e. ∀γ ∈ C · C(ℓ) ⊆ γ(ℓ). A mobility model may restrict the set of topologies a network can meet, and some topologies may occur with

higher probability. To evaluate MANET protocols regarding network topology and mobility of nodes, we compute the probability of the (topologies in) C under a mobility model. Node mobility follows a mobility behavior/model. There are several mobility models used in the evaluation of MANET protocols [6]. The random waypoint model is one the most commonly used mobility models for simulations of MANETs. In this model, each node selects a random destination, uniformly distributed within the two-dimensional space, and then moves toward the destination at a speed that is uniformly distributed between the minimum and maximum speed. When a node reaches its destination, it pauses for a constant pause time. After the pause time expires, a new destination is selected, and the node again moves toward the destination at a random velocity. Node mobility, coupled with physical layer characteristics, determines the status of link connections and, hence, the dynamic topology. To abstract from node mobility behavior and physical layer issues, following [5], we exploit a link connectivity model which implicitly models mobility behavior. The link connectivity model is a two-state Markov chain (i.e. UP and DOWN states) to model the link between each pair of nodes. The link UP lifetime and link DOWN lifetime are random variables. We denote the mean values of the link UP and DOWN lifetimes between nodes A and B as TAB,UP and TAB,DOWN , respectively. In our model, we assume that the link UP and DOWN lifetimes are exponentially distributed random variables. For example, in [5] a network of 10 nodes in a 100×100 square was analyzed using the random waypoint mobility model. The radio range was fixed at 20 units, the maximum node velocity at 20 units per second, and the pause time at 5 sec. The average link UP and DOWN lifetimes were approximated using simulations: 21 and 120 sec. respectively. To achieve the same steadystate average values for the link UP and DOWN lifetimes for the random waypoint model (with the above parameters), we let TBA,UP = 21 sec. and TBA,DOWN = 120 sec. Hence we can compute P (BA = UP ) using the two-state link 21 ≈ 0.15. connectivity model, shown in Fig. 2, by 21+120 We can model different types of node mobility models considered in the study of MANETs by defining these two parameters for each pair of nodes. 1/21

UP

Down

1/120

Figure 2.

A two-state link connectivity model.

Since nodes are mobile and their mobility is independent of each other, the status of links between each arbitrary pair is independent of others. Consequently we can compute the

probability P (γ) of each possible topology γ in the steadystate of a mobility model using the two-state Markov chains of each pair of nodes. The probability of γ in Fig. 1 is P (BA = UP )×P (BC = UP )×P (CB = UP )×P (AB = DOWN ) × P (AC = DOWN ) × P (CA = DOWN ). C. Interplay of Network Layers and Mobility To evaluate MANET protocols, there are many factors to take into consideration: network topology, network traffic, node mobility, and physical layer issues, including the radio frequency channel, terrain, antenna properties, and, perhaps, energy and battery characteristics. Consequently to evaluate a MANET behavior under a network restriction C, we consider the effect of network layers and node mobility: we compute the probability of synchronization induced by C regarding physical layer issues and interferences of other nodes under a mobility model denoted by Pr (C). To evaluate a MANET protocol regarding physical layer issues and interferences of other nodes, we compute the probability of a synchronization between a sender and a set of receivers. Let ℓ be the address of a sender and r the set of possible receivers; when a message m is sent, the set of nodes ready to receive such a message are the possible receivers. A possible receiver can successfully receive with probability Prcv , if it is in the range of transmitter. Let s ⊆ r be the set of nodes that receive m (synchronize). Let P (ℓ, s|γ, r) denote the probability that nodes in s are synchronized to ℓ when the underlying topology is γ and possible receivers are r. We have P (ℓ, s|γ, r) = Q ′ ℓ′ ∈Loc P (ℓ |ℓ, s, γ, r) where: 8 P > < rcv ℓ′ 1 − Prcv ℓ′ ′ P (ℓ |ℓ, s, γ, r) = > 1 : 0

ℓ′ ∈ γ(ℓ) ∩ r ∧ ℓ′ ∈ s ℓ′ ∈ γ(ℓ) ∩ r ∧ ℓ′ 6∈ s ℓ′ 6∈ γ(ℓ) ∧ ℓ′ 6∈ s otherwise

When a node ℓ′ is in the transmission range of node ℓ such that it is a possible receiver (ℓ′ ∈ γ(ℓ) ∩ r), then it successfully synchronizes with the sender (ℓ′ ∈ s) with probability Prcv ℓ′ , as indicated by the first case, or it loses the data (ℓ′ 6∈ s) with probability 1 − Prcv ℓ′ as indicated by the second case. The third and fourth cases are straightforward. Suppose the transmission of message m by a node with address ℓ in a MANET is possible for set of topologies represented by C. Each C induces a synchronization between ℓ and C(ℓ). Thus P (ℓ, C(ℓ)|γ, r) denotes the probability of a synchronization induced by the network restriction C regarding physical layer issues and interferences of other nodes, when the underlying P topology is γ with possible receivers r. Consequently γ∈C P (γ) × P (ℓ, C(ℓ)|γ, r) computes the probability of a synchronization induced by the network restriction C regarding physical layer issues and interferences of other nodes under a mobility model. Let Γ and C denote the set of possible topologies and network restrictions over Loc → IP Loc and Loc × Loc respectively. The triple (Γ, C, Pr ) constitutes a probability space P where Pr : C → [0, 1] assigns γ∈C P (γ) × P (ℓ, C(ℓ)|γ, r) to each C regarding the set of possible receivers specified

by r. For instance, the probability of B A for possible receivers s = {A, C}, is computed as follows: P{A,C} (B A) = Prcv A × (1 − Prcv C ) × P (BA = UP ) × P (BC = UP ) + Prcv A × P (BA = UP ) × P (BC = DOWN )

where Prcv A and Prcv C result from the data-link abstraction, and P (BA = UP ), P (BC = UP ) and P (BC = DOWN ) result from the mobility model. III. T HE F ORMAL M ODEL Constrained labeled transition systems were introduced in [4] for giving an operational semantics to Restricted Broadcast Process Theory, a process algebra for the specification and verification of MANETs. Here we add concepts from Extended Markovian Process Algebra (EMPA) semantics, a stochastic process algebra [7]. The resulting constrained labeled multi-transition systems (CLMSs) can be used to stochastically specify MANETs. The transitions in a CLMS are annotated by network restrictions to indicate the set of possible topologies under which such behavior is possible. Before giving the formal definitions of our framework, we first explain the notations used in our definitions. To specify data-dependent behavior of MANET protocols, we consider a typed data domain D, with a set of typed operations to specify data terms. D should contain the (distinct) booleans true and false. Let V denote a set of (typed) data variables ranged over by x, y. Let u range over close data terms, and w over open data terms. Following the approach of abstract data types [8], we use a set ID of equations to represent the semantics for data terms: two data terms u1 and u2 are equal if and only if they are equal in the data semantics, denoted by ID |= u1 = u2 . An assignment is of the form x := w, where x ∈ V and w belong to the same data type. An environment is a welltyped mapping θ : X → D, where X ⊆ V . Θ denotes the set of all environments over V and D. We use w b to denote a finite sequence w1 , . . . , wk , x b := w b for a sequence of assignments {x1 := w1 , . . . , xk := wk }, w{b u/b x} for a sequence of substitutions {u1 /x1 , . . . , uk /xk } in w, and w{θ} for w{u/x|(x, u) ∈ θ}, which can be extended to a sequence of data terms by w{θ}. b Let M denote a set of message types communicated over a network and ranged over by m; each message type has a set of parameters of type D and is declared by m(D1 , . . . , Dn ). The finite set dom m : IP (D1 × . . . × Dn ) defines the set of possible assignments to the message parameters of m. Following the approach in [4], we define our framework in two levels: process and network level. At process level, we define the behavior of a process. A MANET consists of a number of nodes that each deploy a process to run. There are two types of actions performed by a process: sending or receiving an action, denoted by m(w)! b and m(w)?, b respectively. A rate is assigned to each action to indicate

the speed at which the action occurs (from the viewpoint of a data-link layer). According to the rates, there are two types of actions: active and passive: • Active actions define the rate of synchronization, and their rate is a positive real number, interpreted as the parameter of the exponentially distributed random variable specifying the duration of the action. • Passive actions whose rate, denoted by ⊥, is undefined. The duration of a passive action is fixed only by synchronizing it with an active action. All send actions are active while receive actions are passive. Definition 1: A process is specified as an extended action Markov chain hS, X, M, →, s0 , ζ0 i over a data domain D: • S is a set of states. • X ⊆ V is a set of local variables for the process. • M is a finite set of message declarations that can be sent or received by the process. • → is a set of transitions. A transition is a tuple (s, (α, r), s′ , hg, ζi) where: – s, s′ ∈ S are the source and target state. – α is a send/receive action, and r ∈ IR≥0 ∪ {⊥} its corresponding rate. – g, a Boolean data term, is the transition guard. – ζ is a set of simultaneous assignments of the form x b := w, b where the xi ∈ X are pairwise distinct. • s0 ∈ S is the initial state. • ζ0 is the set of initial assignments of local variables to closed data terms, i.e. x := u, ∀x ∈ X. Example. As running example we consider a protocol in which the nodes use a flooding approach to find out the maximum identifier in the network. Hereafter we call this protocol the Max protocol. Each node broadcasts its knowledge about id regularly by sending the message know (id ) with a rate r. When a node receives a know (x ) message from a node in its vicinity, it updates its knowledge if x > id and then continues its broadcast. If x ≤ id , it broadcasts with a smaller speed (since the nodes in its vicinity know its id with a high probability). Let Nat denote the natural numbers data type. The specification of this protocol for a node with initial identifier n is h{Sn0 , Sn1 }, {idn , xn }, {know (Nat)}, →n , Sn0 , {idn := n, xn := n}i, where →n is shown in Fig. 3. The − notation in h−, −i and hxn ≤ idn , −i on transition labels denotes an empty condition or assignment. When a process P is defined, it is deployed at a node with address ℓ, where the underlying data-link layer has capacity K and response time TMac . This is denoted by P : (TMac , K) : ℓ. Nodes are composed using a parallel Q composition operator to form a MANET. Definition 2: Let Pi := hSi , Xi , Mi , →i , s0i , ζ0i i denote the processes deployed at nodes i = 1, · · · , n, with data-

(know(idn)!,r),‹-,-› (know(xn)?, ),‹-,-›

Sn

Sn

0

1

(know(idn)!,r/2),‹xn!idn,-› (know(xn)!,r),‹xn>idn,idn:=xn›

Figure 3.

Extended action Markov chain of the Max protocol.

link layer (TMac , K) and network address ℓQ i , such that the Xi (and ℓi ) are pairwise disjoint. Then 1≤i≤n Pi : (TMac , K) : ℓi is a MANET. Example. The specification of aQ MANET with n nodes, each deploying the Max protocol, is 1≤i≤n Max i : (TMac , K) : Ai where Max i = h{Si0 , Si1 }, {idi , xi }, {know (Nat)}, →i , Si0 , {id := i, x := i}i. We use constrained multi-transition labeled transition systems to give a formal semantics of MANETs. In each process state of a network node, there may be a number of delayable send actions competing to access the datalink layer. Following [7], [9], we adopt the race policy mechanism for choosing the active action to execute: the action sampling the least duration wins the competition to access the data-link layer. The passive actions are executed non-deterministically. In each MANET configuration (state), there may be a number of local broadcasts (competing to access the shared communication medium). We consider an interleaving semantics between two local broadcasts which is correct from the modeling point of view, since we abstract from collisions and only consider successful receives, and also from the performance point of view, due to the memoryless property of exponential distributions. Thus when two local broadcasts (m1 !{ℓ1 }, r1 ) and (m2 !{ℓ2 }, r2 ) can be done in a configuration, they can be done in an arbitrary order; if we assume that m1 !{ℓ1 } is completed before m2 !{ℓ2 }, then the residual time to the completion of m2 !{ℓ2 } is still exponentially distributed with rate r2 . Since local broadcast is non-blocking, when a send action is performed by a process of a node, it is received by its datalink layer. Thus in Definition 3, we define the behavior of a process deployed at a node in a MANET regarding its datalink layer queue; when a message is broadcast, it is inserted into the queue of the data-link layer of its node, and if the queue is full, the message is dropped by the data-link layer. The data-link layer of each node transmits messages by the average time TMac . Hence the sojourn time corresponding to the transmission of a message from the data-link layer to its possible receivers (denoted by r) is an exponentially 1 , called rMac heredistributed random variable with rate TMac

after. The data-link layer transmission can be synchronized with receive actions of other processes, when a sender is connected to receivers represented by a network restriction C. The rate of a synchronization is rMac × Pr (C) × β, where Pr (C) is the probability of synchronization induced by C regarding the physical layer and mobility of nodes, and β is a normalization factor required when there is a nondeterministic choice between receive actions at a node; a choice between multiple passive actions is treated as equiprobable. The formal semantics of a MANET is given below. Let Qi denote the queue of the data-link layer of a node, containing i messages waiting to be transmitted. Qi .m(w), b i < K denotes that a new message m(w) b was received by the data-link layer and inserted at the end of its queue. Q Definition 3: The semantics of a MANET 1≤i≤n Pi : (TMac , K) : Qℓi , where Pi = hSi , Xi , Mi , →i , s0i , ζ0i i, denoted as [[ 1≤i≤n Pi : (TMac , K) : ℓi ]], is a CLMS hC, Σ, →, Ii, where: • C = S × Q × Θ is a set of configurations, where S × Q = (S1 × IP (M1K )) × · · · × (Sn × IP (MnK )) represents composition of states of processes and their corresponding data-link queue, and Θ is the set of all possible environments X → D with X = X1 ∪· · ·∪Xn . • Σ = {m(b u)!{ℓi }, m(b u)!|m ∈ Mi ∧ 1 ≤ i ≤ n} is a set of transition labels, ranged over by η. The label m(b u)!{ℓi } denotes transmission of a message m(b u) from the data-link layer of a node with address ℓi , while m(b u)! denotes transmission of message from a process to its data-link layer. • → is a multi-set of transitions, where each transition is a tuple of ((s × Q, θ), (η, r), C, (s′ × Q′ , θ′ )), (η,r)

−−−→C (s′ × Q′ , θ′ ). denoted by (s × Q, θ) Here s × Q = ((s1 , QL1 ), · · · , (sn × QLn )), s′ × Q′ = ((s′1 , Q′L′ ), · · · , (s′n , Q′L′n )) with 1 ′ L1 , . . . , Ln , L1 , . . . , L′n ≤ K. Let ζ be a set of assignments, then θ′ satisfies the following properties: {∀x ∈ X.(∃w · x := w ∈ ζ ⇒ (x, w{θ}) ∈ θ′ )∧ (∄w · x := w ∈ ζ ⇒ (x, θ(x)) ∈ θ′ )}. The values of variables x ∈ X in θ are updated if there is an assignment x := w in ζ, otherwise its value is unchanged. The values of s′ × Q′ , r, ζ and C are defined according to η: – If η = m(b u)!, then ∃1 ≤ i ≤ n : (si , (m(w)!, b ri ), s′i , hgi , ζi i) ∈ →i such that u b = w{θ}, b ID |= gi {θ} = true. Consequently ∀1 ≤ j ≤ n · (i 6= j) ⇒ (s′j , Q′L′ ) = (sj , QLj ) j u) with L′i = Li + 1, r = ri , and Q′L′ = QLi .m(b i ζ = ζi and C = {}. – If η = m(b u)!{ℓi }, then ∃N = {k|(sk , (m(b xk )?, ⊥), s∗k , hgk , ζk i) ∈ →k ,ID |= gk {θ} = true, k ≤ n, k 6= i}, and ∃Nr , Nm where N = Nr ∪ Nm , Nr ∩ Nm = ∅:

When η = m(b u)!, there is a process Pi which transmits message m(b u) to its data-link layer. Hence the states and queues of all nodes except Pi are unchanged, while u) with L′i = Li + 1. When η = m(b u)!{ℓi }, Q′L′ = QLi .m(b i it means that the data-link layer of a node with address ℓi transmits data from its queue. For this message m(b u)!{ℓi }, the possible set of receivers are nodes performing m(b x)?, computed in the set N . Among these nodes, Nr is the set of nodes that are connected and synchronized to the sender, while the nodes in Nm are disconnected or lost the data. Hence the queues of all data-link layers except node ℓi are unchanged, and states of nodes that actively received the data, i.e. nodes in Nr , are changed according to the receive transition in their corresponding process. The probability PN (C) computes the probability of this synchronization regarding the physical layer and mobility of nodes as explained in Section II-B. The normalization factor βNr is computed regarding the number of alternative receive actions in each node in Nr . The operator k S k returns the size of the set S. Q Example. Consider the MANET : 1≤i≤2 Max i (TMac , 1) : Ai . The transitions of the configuration (((S10 , ∅), (S21 , 1)), {(id1 = 1), (x1 = 1), (id2 = 2), (x2 = 1)}) are shown in Fig. 4. The values in the queues of the data-link layers are presented abstractly by 1,2 instead of know (1), know (2). The values of rMac10 and rMac1 are rMac × P{A1 } ({}) and rMac × P{A1 } ({A2 A1 }) respectively. In this configuration, the node A1 is in state 0 of its process, so it can send a message to its data-link layer since its queue is empty. Node A2 is in state 1 of its process and its data-link layer has a message to transmit. Thus this node can send a message to its data-link layer, but since its queue is full (K = 1), the message is dropped. When its data-link layer transmits data, node A1 can synchronize with it (since it is in state 0 of its process) with probability P{A1 } ({A2 A1 }). IV. M ARKOVIAN S EMANTICS OF MANET S The semantics of a MANET derived in Definition 3 is the stochastic model of the MANET: each configuration of the semantics is a state of the stochastic process, and the

{}

(know(1)!,r)

{}

S10 ,1, S21 , 2 id1=1,x1=1,id2=2,x2=2

(kno w(2) !{A2 } ,r

Mac1

{}

0)

S10 , , S21 , id1=1,x1=1,id2=2,x2=2

1 ac

Q0 )), θ0 ), with Q0 the I = (((s01 , Q0 ), · · · , (s0n ,S empty queue and ∀x := u ∈ 1≤i≤ ζ0i · (x, u) ∈ θ0 .

{ } id1=1,x1=1,id2=2,x2=2

M

•

id1=1,x1=1,id2=2,x2=1

(know(2)!,r/2)

},r A2 A1 )!{ (2 w A2 no (k

Q xk )?, ⊥), s′′k , hgk , ζi) ∈→k | ( ∀k∈Nr k {(sk , (m(b ID |= gk {θ} = true} k)−1 .

S10 , , S20 , 2

S10 , , S21 , 2 (know(1)!{A1},rMac)

∗ ∀j ≤ n · j 6∈ Nr ⇒ s′j = sj ∧ j ∈ Nr ⇒ s′j = s∗j , and ∀j ≤ n · j 6= i ⇒ Q′L′ = QLj and j u); Q′L′ = QLi −1 , where QLi = QLi −1 .m(b i S u/b xk } ∪ {b xk := u b}; ∗ ζ = Sk∈Nr ζk {b ∗ C = k∈Nr ℓi ℓk ; and ∗ r = rMac × PN (C) × βNr , where βNr is the normalization factor:

S11 , , S21 , id1=1,x1=2,id2=2,x2=2

Figure 4. The transitions of ((S10 , Q ∅), (S21 , 1), {(id1 = 1), (x1 = 1), (id2 = 2), (x2 = 1)}) in MANET 1≤i≤2 Max i : (TMac , 1) : Ai .

transitions between states are defined by transitions in the multi-set relation of the semantics. Since rMac ∈ IR≥0 , all action durations are exponentially distributed, and the total transition rate between two states is the sum of the action rates labeling transitions connecting the corresponding configurations in the semantics, as shown in the following theorem. Its proof is straightforward (cf. [9]). Theorem 1: Given a finite MANET model hC, Σ, →, Ii. Let the stochastic process X(t) be defined such that X(t) = c for some c ∈ C indicates that the MANET is in configuration c at time t. Then X(t) is a Markov process. If transition rates are independent of the time at which a transition occurs, the Markov process is timehomogeneous. One can use the derived stochastic model, a time-homogeneous continuous Markov chain, to evaluate the performance of a MANET in terms of different data-link layer service quality, mobility models, and protocol behavior. Q Example. The MANET 1≤i≤2 Max i : (TMac , 1) : Ai ’s stochastic model is the same as its semantic model (the stochastic model corresponding to Fig. 4 is shown in Fig. 5). We evaluate the probability that both nodes are informed about the maximum identifier by time t. We assume that r = 25, that nodes run the IEEE 802.11 MAC protocol (TM ac = 1.7 × 10−3 ) [1] with Prcv = 0.8, and that nodes move according to the random waypoint model with parameters given in Section II-B (consequently PUP = 0.835 for each pair of nodes). Given initial values, the transition rates of the stochastic model for the MANET are defined. Let Z be a stochastic variable denoting the time at which both nodes are informed about the maximum identifier. We used the probabilistic model checker PRISM [10], to evaluate the property P (Z < t) using Continuous Stochastic Logic on the derived stochastic model. The result is shown in Fig. 6. The probability that both nodes know about the maximum identifier by t = 0.2 when moving according to the random waypoint model is 0.8, and by t = 0.6 all nodes

r/2 rMac10

r

ac

rM

1

rMac

Figure 5.

The stochastic model corresponding to Fig. 4.

know the maximum identifier with probability (almost) 1. n=2,K=1,r=(1.7×10 3) 1,PUP=0.835 1

P((Z